In this increasingly digitally interconnected world, the threat and impact of cyberattacks has escalated exponentially over the last 12 months. According to industry estimates, 43 per cent of companies have experienced a data breach in the last 12 months, with the average cost of an attack totalling £19,400, which can be crippling, particularly for small and medium-sized businesses.
Among the most prevalent forms of breach are ransomware, malware and phishing, with malicious actors targeting weaknesses in supply chains and third-party software and services, as evidenced recently by the NHS cyberattack in June. The problem has been exacerbated by the criminals’ increasing adoption of AI to launch more sophisticated and damaging cyberattacks than ever before.
The fallout from a cyberattack can be devastating for a business, not only operationally and financially, but also reputationally, with some, in a worst-case scenario, even going to the wall. That’s why it’s more critical than ever for the Channel the step up and protect not only itself but its customers from this ever-growing menace.
“The most significant emerging threats facing SMBs today are rooted in both technology advances and evolving attack strategies, particularly concerning AI,” said Harriet Robbins, product manager at Giacom. “Cyber criminals are increasingly targeting SMBs due to their limited cybersecurity resources, with 99 per cent of cyberattack attempts in the UK directed at SMBs and ransom demands typically aligned with the company’s turnover to increase the likelihood of payment.
“This constant pressure places SMBs at high risk and statistics highlight the urgency: research published by SoSafe in 2023 found that one in two organisations experienced a successful cyberattack in the preceding three years, and the National Cybersecurity Alliance estimates that around 60 per cent of small businesses shut down within six months of experiencing an attack.
“Additionally, SMBs are increasingly adopting digital and cloud services, which make their IT environments more complex and widen the attack surface, increasing the difficulty of securing their systems. New vulnerabilities have emerged with the rise in remote and hybrid working, and human error remains a key weakness. Phishing attempts, made more sophisticated by AI, are responsible for 84 per cent of breaches, underscoring the need for continuous employee training on cyber risks.”
Identity theft
By far the most widespread trend, though, continues to be personal and corporate identity theft, according to Andrew Napier, head of cloud and security product at PXC. That’s reflected in the fact, he said that hackers are using increasingly sophisticated tools and processes to exploit victims by stealing their credentials and selling them on to criminal gangs to launch highly-personalised cyberattacks.
Another key threat linked to identity theft, said Napier, is SIM swapping. This is where, he said, a weakness in a two-factor authentication is targeted to trick mobile phone carriers into sending texts and calls to a scammer, thus enabling them to gain control of personal information needed to get around the security and receive the one-time password from the service provider.
“One growth area is attacks on business’ cloud environments,” said Napier. “As data and workloads have moved to the cloud, attacks have followed, with many criminals becoming specialists in this area.
“Part of the problem is the assumption from cloud users that hyperscalers have security built into their services, which is often not the case. Customers need to view cloud as an extension of their IT estate, and make the access and security of a cloud resource equal to any other asset in their organisation.”
One of the biggest targets for hackers is IoT and M2M devices. Among the most high-profile were the cyberattacks on Bristol Airport’s flight information system, which was held for ransom, and the train information screens in Union Street station being used to display pornography during rush hour.
But there have also been more discreet, hidden attacks, where IoT devices were hacked to become part of botnets that are then used to power DDoS attacks. In many cases, the device owner may not even know they have been attacked until they receive their monthly bill and see that their connectivity consumption has increased dramatically.
In response, Jola provides SIMs that are used in a range of IoT and M2M devices. Its Mobile Manager portal uses real-time alerts and controls to provide visibility of SIM usage before the monthly bill arrives.
“We are acutely aware of the need to protect our resellers and their customers from the consequences of falling victim to a cybersecurity attack,” said Cherie Howlett, CMO, Jola. “Our approach goes beyond managing costs. If the application does not need access to the Internet, then why would you expose it online?
“Jola offers SIMs that provide secure private access back to a corporate network with no access to the Internet at all. This almost eliminates the ‘attack surface’ completely.“Jola has also been involved in some high-profile digital signage deployments where our approach to security has gone beyond just securing connectivity. We have provided secure devices with hardened device operating systems and configurations to deliver a truly secure solution.”
Cybersecurity solutions
Despite all the cybersecurity threats out there, there is help at hand. There are a range of products and tools available to channel partners to shield both themselves and their customers from cyber threats and attacks.
To achieve this, they need to ensure that their customers have the right updated equipment and software in place to protect themselves in the event of an attack, backed up by a robust incident response plan and regular penetration testing. By managing and maintaining an up-to-date technical stack, they can avoid any risks and resource burdens associated with end-of-life systems or outdated infrastructure.
Providers also need to educate their customers to ensure that they fully understand the risks they face, what their protections are and what they need. By working together in this way, they can find the best solution for their needs.
“The challenge for the reseller or MSP is to deliver a secure environment for the customer, without any disruption,” said PXC’s Napier. “The most successful customer engagements are those that are heavy on consultancy, engagement and tactical assessments that prove the likelihood of risk and the outcomes to a business, which helps allocate budget.
“Resellers need to understand how an organisation functions to deliver a solution. An emerging set of processes that can really aid customers is exposure management, designed to help customers gain awareness of their total exposure initially, and then over time.”
Giacom’s Robbins said that her company introduces security measures progressively so that customers don’t feel overwhelmed by the complexity or expense of implementing such protocols. She said that this layered framework enables companies to tackle immediate security gaps with affordable, straightforward solutions while also enabling them to eventually take advantage of more advanced protections as their resources and requirements grow.
“By adopting this or a similar structure, MSPs can help SMBs develop a security roadmap that balances protection with affordability,” said Robbins. “By progressively introducing advanced solutions like XDR and MDR in a manageable way, SMBs can achieve robust, scalable defences that adapt to their growth and evolving needs.”
John Golden, regional director, UK and Ireland, Nozomi Networks, said, “In today’s complex cybersecurity landscape, partners can provide highly effective solutions that focus on real-time visibility, threat detection and automated response capabilities. For instance, tools that integrate OT and IoT security monitoring across multiple sites can drastically reduce response times to cyber threats, enhancing operational resilience.”
Telcos and ISPs should also be looking to provide enterprise-grade firewalls for high-capacity circuit customers as the higher the capacity, the greater the chance it will host mission critical applications. By using effective edge defence, it will reduce the possibility of downtime. Added to that, network-based DDoS attack mitigation is also simple to deploy and highly effective in stopping a threat.
The billing industry is another prime target for hackers. Given the vast amount of sensitive financial and customer data handled on a daily basis, there’s the need to continually review and enhance security protocols to ensure that platforms are as secure as possible.
Candio’s SafeWeb scans for the dark web information such as emails, passwords and payment information, and reports any potential vulnerabilities. The updated version, SafeWeb Plus, launched in 2024, contains a host of other useful features, including Incident Response, which provides 24/7 assistance in case of a breach; Privacy Toolbox, which offers a comprehensive suite of templates and other resources to streamline compliance; and Phishing Simulation, which sends employees phishing email testers that mimic real-world scenarios.
“Partners shouldn’t be going to their end customers with just a product and good intentions,” said Tom Chedham, business development executive at Candio. “There needs to be a go-to-market strategy in place to identify security weaknesses and address them appropriately.”
Cloud vulnerabilities
While the cloud can provide greater security for companies, if it isn’t used properly, it can also present a host of risks. Many businesses either lack the expertise to configure cloud platforms securely or mistakenly assume that security is automatically included. This misconception can result in new infrastructure being deployed and sensitive data being migrated without proper protections, thus exposing the user to data breaches, unauthorised access and other cyber threats.
“Cybersecurity Alliance play a crucial role in helping organisations address these risks by assessing cloud configurations, identifying vulnerabilities and recommending necessary security measures,” said James Lavender, head of professional services, Orange Cyberdefense UK. “A comprehensive cloud security approach should involve setting up robust identity and access management, continuous monitoring and clear governance policies.”
Regular and updated employee training is another key component of a robust cybersecurity strategy. Given that 84 per cent of breaches originate from phishing, providers should focus on improving cybersecurity awareness in order to identify and address potential threats accordingly.
“Clear reporting channels for suspicious messages empower employees to flag potential threats without hesitation, improving early detection,” said Giacom’s Robbins. “Applying the principle of least privilege and enforcing admin rights management (regularly reviewing and cleansing permissions to control access to sensitive data) further mitigates risk if accounts are compromised. Reinforcing strong password hygiene, MFA and awareness of social engineering tactics like impersonation makes it harder for attackers to exploit human vulnerabilities.”
Jason Koffler, CEO, Critical Power Supplies, said, “One of the most significant trends on the horizon is the integration of backup power solutions with cybersecurity offerings. Businesses should consider how these two elements can work together to mitigate risks.
“For example, MSPs are beginning to bundle power management services with cybersecurity products, such as email filtering, web security and data encryption. This holistic approach allows companies to address vulnerabilities from multiple angles, ensuring that their operations remain secure and uninterrupted.”
Channel companies also need to ensure that their third-party vendors are adhering to the same cybersecurity standards. By establishing a continuous feedback loop, they can carry out real-time risk assessments and gain a thorough understanding of their data handling processes.
PXC’s Napier said, though, that a cybersecurity product or service is only as effective as its user. He said that while a partner may be able to buy in a great tool, without the skillset and experience needed to deploy it properly, it can present a huge risk.
“In the best-case scenario, you won’t be able to deliver full value and, thus, waste money on your investment, and, in the worst, you may leave the customer more vulnerable,” said Napier. “When it comes to implementing security solutions, it’s about ensuring proper diligence of the services you do offer.
“If you’ve just transitioned to Office 365, for example, you don’t need to back it up for it to work – but you should. By offering simple, self-serve backup and antivirus software and web filtering, you benefit both your customers, by providing a more secure environment for them to operate, and your business, with the opportunity to create more revenue and stickier customers.
“Self-learning anti-phishing training is also incredibly cost effective for businesses as a very high percentage of attacks are facilitated by users clicking links on fake emails. This training can help employees understand which emails are fake to avoid falling for these attacks and putting company data at risk.”
There are several simple steps that MSPs and resellers can take to protect themselves too. Chief among them is basic system hygiene and maintenance.That starts with using zero trust high complexity passphrases and making sure they’re regularly updated.
It’s also vital to monitor, update and patch IT systems and infrastructure to prevent cyber breaches, ensuring that every piece of equipment attached to a customer network, including bring-your-own and hybrid worker devices, is regularly scanned and patched.
“Zero trust architecture provides enhanced security, reducing the threat attack surface and minimising the risk of both internal and external threats,” said Anthony Dobson, regional director, sales for Arrow’s enterprise computing solutions business in the UK and Ireland. “Multi-factor authentication adds an essential layer of security, making it more challenging for attackers to gain unauthorised access to systems and data.”
AI adoption
AI and machine learning, while becoming increasingly more widely used by hackers, can also be used to counter the threat of an attack. It can be used to optimise security processes and protocols to detect and remediate threats, as well as predict future attacks, thus reducing downtime and disruption.
AI-driven exposure management tools can be used to provide a holistic view of a customer’s IT and telecoms estate to pinpoint and mitigate any risks. The technology can also be used to add context and highlight correlations between data sets, providing greater insights than a human analyst.
“AI significantly enhances cybersecurity offerings by enabling rapid threat detection, anomaly identification and efficient incident response,” said Giacom’s Robbins. “AI-powered tools analyse vast amounts of data across an SMB’s digital environment in real-time, quickly identifying suspicious patterns and potential risks.
“This capability is particularly valuable in tools like XDR, where AI can correlate data across end points, networks and cloud environments, flagging unusual activity before it escalates into a breach. Additionally, AI-driven automation reduces the need for human intervention, making it especially beneficial for SMBs with limited in-house cybersecurity resources. By strengthening the speed and accuracy of threat detection, AI helps MSPs offer SMBs a proactive, cost effective cybersecurity solution.”
Customers can also use cyber insurance to cover themselves against the fallout from a cyberattack. By taking a compliance-based approach using certifications such as the National Cyber Security Centre’s Cyber Essentials or Cyber Essentials Plus, putting the right protocols and protections in place, and providing the insurer with the key facts and information that they need to base their pricing, they can receive a more accurate quote and coverage.
“[Customers can keep their insurance costs down] by investing in good cyber hygiene and employee education, as well as achieving certification in recognised programmes and standards, such as ISO27001 and Cyber Essentials Plus,” said Nick Wardle, PRD’s chief information security officer. “These certifications not only demonstrate a commitment to high standards of information security, but also help reduce risk, which insurers look favourably upon.”
Troels Rasmussen, VP and GM security at N-able, said, “The world has changed and what was once only needed for the 24/7, 365 operations of the enterprise is now needed at mid-market level and below. Which means MSPs need vision into all aspects of their client’s infrastructure.
“The skills needed to make sense of this takes specialised training, experience and the right tools. While historically it would take months to find and hire the right talent to do this, today, MSPs can start offering enterprise-class security in hours if they are armed with the right solution.”
This market report was included in our December 2024 print issue. You can read the magazine in full here.